COLUMBUS, Ohio, Sept. 7, 2018 /PRNewswire/ — Although it has no confirmation of unauthorized access to or acquisition of personal or protected health information, Ohio Living in Columbus, Ohio announced today that it has taken action after becoming aware of an incident in which an unknown third party gained access to employee email accounts. Out of an abundance of caution, Ohio Living is providing this notice of this event to potentially impacted individuals, as well as certain regulators.
What Happened? On July 19, 2018, Ohio Living determined that there were potential unauthorized logins into some Ohio Living employee email accounts. Previously, on July 10, 2018, Ohio Living became aware of suspicious activity relating to an employee email account. They quickly launched an investigation to determine what may have happened and what information may have been affected. Working together with a leading computer forensics expert, Ohio Living’s investigation determined that an unknown individual accessed employee email accounts on July 10, 2018. Because they were unable to determine which email messages may have been opened or taken by the unauthorized actor, Ohio Living reviewed the email accounts to identify what personal information was stored within them.
What Information Was Involved? On September 4, 2018, Ohio Living determined that the affected email accounts contained, and the unauthorized actor may have accessed or acquired, information related to certain individuals who attended an Ohio Living facility, and/or received treatment from an Ohio Living facility, including the following types of information: name, contact information, Social Security number, financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, and health insurance information.
Ohio Living cannot confirm whether any individual’s personal information was actually accessed, viewed, or acquired without permission. They are providing this notification out of an abundance of caution.
What They Are Doing. Ohio Living has strict security measures to protect the information in its possession. Upon learning of this incident, they quickly disabled the known impacted employee email account, changed the password, and notified other employees to be on the lookout for suspicious emails. Ohio Living then implemented password resets for all employees. They are currently implementing additional training and education for employees to prevent similar future incidents. They are also offering the impacted individuals access to complimentary credit monitoring services as an added precaution. Because Ohio Living has insufficient contact information for the some of the individuals whose information may be contained in the impacted employee email accounts, Ohio Living is providing notice to potentially impacted individuals by way of a notification posted on the homepage of its website, https://www.ohioliving.org, as well as by publishing notice to certain state media outlets and in certain state media publications. Ohio Living is mailing notice letters to those individuals for whom Ohio Living has confirmed mailing address information.
For More Information. Ohio Living has established a dedicated assistance line for individuals seeking additional information regarding this incident. Individuals may call 877-670-0980, 9 a.m. to 9 p.m. ET, Monday through Friday with questions or if they would like additional information.
What You Can Do. Ohio Living encourages everyone to remain vigilant and take steps to protect against possible identity theft or other financial loss by reviewing their account statements and Explanation of Benefits statements regularly and monitoring their credit reports for suspicious activity. Under U.S. law, individuals over the age of 18 are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.
Ohio Living encourages individuals who believe they may be affected by this incident to take additional action to further protect against possible identity theft or other financial loss. At no charge, individuals can also have the credit bureaus place a “fraud alert” on their credit file that alerts creditors to take additional steps to verify their identity prior to granting credit in their name. Note, however, that because it tells creditors to follow certain procedures to protect the individual, it may also delay their ability to obtain credit while the agency verifies their identity. As soon as one credit bureau confirms the individual’s fraud alert, the others are notified to place fraud alerts on the individual’s file. Should the individual wish to place a fraud alert, or should the individual have any questions regarding his or her credit report, the individual can contact any one of the agencies listed below.
An individual may also place a security freeze on their credit reports. A security freeze prohibits a credit reporting agency from releasing any information from an individual’s credit report without the consumer’s written authorization. However, individuals should be aware that placing a security freeze on their credit report may delay, interfere with, or prevent the timely approval of any requests they make for new loans, credit mortgages, employment, housing, or other services. If an individual has been a victim of identity theft, and the individual provides the credit reporting agency with a valid police report, it cannot charge the individual to place, lift or remove a security freeze. In all other cases, a credit reporting agency may charge a fee to place, temporarily lift, or permanently remove a security freeze. Individuals will need to place a security freeze separately with each of the three major credit bureaus listed above if the individual wishes to place the freeze on all of their credit files. In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence.
To find out more on how to place a security freeze, individuals can contact the credit reporting agencies using the information below:
Individuals can further educate themselves regarding identity theft, fraud alerts, and the steps they can take to protect themselves, by contacting the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580, www.ftc.gov/idtheft/, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Individuals can obtain further information on how to file such a complaint by way of the contact information listed above. Instances of known or suspected identity theft should also be reported to law enforcement. This notice has not been delayed by law enforcement.
View original content:https://www.prnewswire.com/news-releases/ohio-living-provides-notice-of-data-security-incident-300709028.html
SOURCE Ohio Living